gecko-dev

Read-only Git mirror of the Mercurial gecko repositories at https://hg.mozilla.org. How to contribute: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html

Перейти к файлу

Luca Greco 166d68dc58 Bug 1707214 - Ensure we don't cache dataTransfer.files when accessed by expanded principals. r=mixedpuppy,nika This doesn't seem a recent regression, the underlying issue is that we don't account for the Extensions content scripts (and user scripts) as other principals that may be able to intercept a drop event and then try to access the dataTransfer.files property before the webpage does. As the big inline comment inside DataTransferItemList::Files does explain, keeping a copy of the FileList when accessed from a webpage principal is necessary for spec compliance, while we don't cache it when it is being accessed by system principal code. (see https://searchfox.org/mozilla-central/rev/6cbe34b441f7c7c29cd1e5f0e19c7000142f1423/dom/events/DataTransferItemList.cpp#200-242) The changes in this patch are preventing us from caching the file list also when accessed by expanded principals (which are never going to be used for any web page, but they are used by both Extensions content scripts and Extensions user scripts), along with adding a new. regression test to prevent it from regressing without being noticed. Without this patch, when an extension content script or user script does intercept the drop event and access the dataTransfer.files property, we cache the FileList created for the ExpandedPrincipal associated to the Extension script and after that if the page try to access it we do return null because the webpage principal doesn't subsume the expanded principal (which is also why the issue isn't triggered if the webpage does access it first). In debug build we crash because we hit the assertion in DataTransferItemList::Files right before the earlier nullptr return we hit on release. Differential Revision: https://phabricator.services.mozilla.com/D113555		2021-04-30 19:48:41 +00:00
.cargo	Bug 1622846 - Update BlendFactor API in WebGPU r=webidl,jimb,smaug	2021-04-22 19:18:49 +00:00
.vscode	Bug 1701913 - Documentation regarding Remote Development over SSH using VS Code. r=marco	2021-03-30 14:44:51 +00:00
accessible	Bug 1694865 part 12: Move COM IAccessibleApplication implementation to new ia2AccessibleApplication class. r=morgan	2021-04-30 12:21:42 +00:00
browser	Bug 1707214 - Ensure we don't cache dataTransfer.files when accessed by expanded principals. r=mixedpuppy,nika	2021-04-30 19:48:41 +00:00
build	Bug 1707957 - Add a valgrind suppression for a GTK leak. r=stransky	2021-04-30 12:36:51 +00:00
caps	Bug 1706593: Update prePath to camel case in nsIPrincipal.idl r=Gijs	2021-04-30 11:16:31 +00:00
chrome	Bug 1695162 - Use range-based for instead of custom hashtable iterators. r=xpcom-reviewers,kmag	2021-03-17 15:49:46 +00:00
config	Bug 1697215 - Disable value profiling in Rust PGO until we move to to rust 1.52. r=firefox-build-system-reviewers,glandium	2021-04-28 09:56:12 +00:00
devtools	Bug 1701056 - disable browser_target_list_various_descriptors.js on Linux_64_opt for frequent failures. r=intermittent-reviewers,ahal DONTBUILD	2021-04-30 15:59:35 +00:00
docs	Bug 1706751 - Fix spell lint. r=fix CLOSED TREE	2021-04-30 20:19:55 +03:00
docshell	Bug 1694662 - Remove nsIApplicationCacheChannel usage from docshell r=dragana	2021-04-30 07:20:21 +00:00
dom	Bug 1707214 - Ensure we don't cache dataTransfer.files when accessed by expanded principals. r=mixedpuppy,nika	2021-04-30 19:48:41 +00:00
editor	Bug 1707630 - part 3: Make `EditorBase::CreateNodeWithTransaction()` return error if failed r=m_kato	2021-04-28 03:33:26 +00:00
extensions	Bug 1700051: part 51) Const-qualify `mozInlineSpellStatus::mCreatedRange`. r=smaug	2021-04-30 07:47:30 +00:00
gfx	Bug 1702394 - Work around small memory leaks in Mesa drivers. r=jgilbert	2021-04-30 16:20:15 +00:00
gradle/wrapper	…
hal	Bug 1701789 - Restore UserProximityEvent r=smaug	2021-03-30 20:44:47 +00:00
image	Bug 1694662 - Remove appcache from imgRequest/imgLoader r=kershaw	2021-04-30 07:20:21 +00:00
intl	Bug 1706318 - Rename connector pattern override preference; r=zbraniecki	2021-04-26 18:11:59 +00:00
ipc	Bug 1706526 - Check for failure to duplicate shared memory file descriptors. r=nika	2021-04-30 00:03:23 +00:00
js	Bug 1708409 - Include libFuzzer in xpcshell r=decoder	2021-04-30 17:46:15 +00:00
layout	Bug 1491797 - disable browser_bug1163304.js on Linux_64 for frequent failures. r=intermittent-reviewers,ahal DONTBUILD	2021-04-30 16:27:03 +00:00
media	Bug 1679522 - Fix include directives and forward declarations. r=andi,necko-reviewers,jgilbert	2021-03-25 10:19:44 +00:00
memory	Bug 1515229 - Make MozStackWalk/MozWalkTheStack frame skipping more reliable. r=gerald,nika,bobowen,jld	2021-04-16 04:06:02 +00:00
mfbt	Bug 1704775 part 10 - Disable unsupported c++ tests. r=glandium	2021-04-27 06:09:27 +00:00
mobile	Bug 1706499 - Reset batch edit count on InputConnection.closeConnection. r=geckoview-reviewers,agi	2021-04-28 05:42:17 +00:00
modules	Backed out 4 changesets (bug 1708235, bug 1708236) for causing build bustages. CLOSED TREE	2021-04-30 20:01:22 +03:00
mozglue	Bug 1635442 - Only initialize LUL when the StackWalk feature is requested on Linux, r=gerald.	2021-04-29 15:27:26 +00:00
netwerk	Bug 1707078 - Change some raw pointers into WeakPtr in Http2Session r=necko-reviewers,valentin	2021-04-30 11:39:18 +00:00
nsprpub	Bug 1708093 - NSPR_4_31_BETA1. r=bbeurdouche UPGRADE_NSPR_RELEASE	2021-04-29 08:41:41 +00:00
other-licenses	Bug 1692893 - Minimal patch: Workaround atk extern "C" issue. r=Jamie	2021-02-16 00:40:33 +00:00
parser	Bug 1694662 - Remove appcache logic from content sink r=necko-reviewers,dragana	2021-04-30 07:20:18 +00:00
python	Bug 1708005: Remove `target_dir` from `RustLibrary` r=firefox-build-system-reviewers,glandium	2021-04-29 15:19:09 +00:00
remote	Bug 1701674 - [remote] Add handling of expectation data to readme. r=remote-protocol-reviewers,jdescottes	2021-04-27 12:43:31 +00:00
security	Bug 1705045 - Quietly deny `MADV_MERGEABLE` in Linux sandbox policies that filter `madvise`. r=gcp	2021-04-30 00:24:15 +00:00
services	Bug 1648281 - Removed incoming telemetry for newFailed and reconciled for sync ping r=markh	2021-04-30 00:40:12 +00:00
servo	Backed out changeset e01ec8694924 (bug 1700957) as requested. CLOSED TREE	2021-04-28 18:09:01 +03:00
startupcache	Bug 708901 - Migrate to nsTHashSet in startupcache. r=dthayer	2021-03-23 10:36:39 +00:00
storage	Bug 1679522 - Fix include directives and forward declarations. r=andi,necko-reviewers,jgilbert	2021-03-25 10:19:44 +00:00
taskcluster	Bug 1708401 - run windows10x32 as tier-1, not tier-2. r=ahal	2021-04-30 15:17:48 +00:00
testing	Bug 1708699 - Add the ability to set headers from GET parameters in document-builder.sjs. r=mconley.	2021-04-30 15:48:53 +00:00
third_party	Bug 1708634 - Remove the now unused vendored rust crates. r=emilio	2021-04-30 09:17:56 +00:00
toolkit	Bug 1565854 - Abstract out about:addons Manage Shortcut shortcutKeyMap into a specialized DefaultMap subclass. r=mixedpuppy	2021-04-30 19:39:27 +00:00
tools	Bug 1708591 - Disable test_eslint.py on Windows. r=sylvestre	2021-04-30 08:12:31 +00:00
uriloader	Bug 1694662 - Remove OfflineCache update logic r=necko-reviewers,dragana	2021-04-30 07:20:19 +00:00
view	Backed out changeset 93fd52dafca2 (bug 1689682) as requested by haik. CLOSED TREE	2021-03-14 04:29:17 +02:00
widget	Bug 1707598 - Make sure that command events from activateItem only run once the nested event loop for the NSMenu has been exited. r=harry	2021-04-30 17:45:59 +00:00
xpcom	Bug 1708409 - Include libFuzzer in xpcshell r=decoder	2021-04-30 17:46:15 +00:00
xpfe/appshell	Backed out changeset 49744f943e16 (bug `1682136`) for putting browser window partially behind left and top taskbars on older Windows versions (bug 1705504).	2021-04-18 11:32:17 +03:00
.arcconfig	…
.babel-eslint.rc.js	Bug 1702166 - Update ESLint, Babel and associated modules to the latest versions. r=mossop,nchevobbe	2021-04-04 08:05:39 +00:00
.clang-format	…
.clang-format-ignore	Bug 1686831 - Import glibc printf test cases verbatim. r=mhoye	2021-01-28 09:48:53 +00:00
.cron.yml	Bug 1705639 - bump max run time for periodic-update job. r=RyanVM,releng-reviewers,jmaher DONTBUILD	2021-04-16 14:52:53 +00:00
.eslintignore	Bug 1682719 - [meta] Enables eslint on browser/extensions/screenshots. r=emalysz	2021-04-20 19:39:48 +00:00
.eslintrc.js	Bug 1705127 - Enable more ESLint rules for some more dom/security/test directories. r=ckerschb	2021-04-15 11:11:18 +00:00
.flake8	Bug 1622676 - Made dom/base flake8 compliant.r=championshuttler,sylvestre	2021-03-24 15:26:06 +00:00
.git-blame-ignore-revs	…
.gitattributes	…
.gitignore	Bug 1687154 - Add raptor's generated files to .gitignore. r=glandium DONTBUILD	2021-01-19 00:34:55 +00:00
.hg-annotate-ignore-revs	…
.hg-format-source	…
.hgignore	Bug 1703105 - wasm: Move generate-spectest tool into tree. r=lth	2021-04-13 16:41:46 +00:00
.hgtags	No bug - tagging a69c07c7da3a386e3baf4b7d604312d3fa974273 with FIREFOX_NIGHTLY_89_END a=release DONTBUILD CLOSED TREE	2021-04-19 19:08:56 +00:00
.lldbinit	…
.mailmap	…
.prettierignore	Bug 1667276 - Part 3: Load a custom prefs file when running a background task. r=mossop,KrisWright	2021-01-27 22:54:25 +00:00
.prettierrc	…
.taskcluster.yml	Bug 1696944 - Part 3 - Add new image to taskcluster.yml. r=aki	2021-03-17 11:22:02 +00:00
.trackerignore	…
.yamllint	…
.ycm_extra_conf.py	…
AUTHORS	…
CLOBBER	Bug 1705372 - Add new Amazon search engine definitions. r=daleharvey	2021-04-27 18:46:35 +00:00
Cargo.lock	Bug `1705734` - Enable BFCache for pages with *unload event listeners on Android, r=peterv	2021-04-30 11:17:01 +00:00
Cargo.toml	Bug 1708634 - Hack mio so that it depends on winapi 0.3 and miow 0.3. r=emilio	2021-04-30 09:17:56 +00:00
GNUmakefile	…
LICENSE	…
Makefile.in	…
README.txt	…
aclocal.m4	…
build.gradle	Bug `1685390` - Update apilint to 0.4.1. r=esawin	2021-01-08 16:17:22 +00:00
client.mk	Bug 1683797: Removes unnecessary lines from client.mk r=sheehan,firefox-build-system-reviewers,glandium	2021-03-09 14:45:24 +00:00
client.py	Bug 1705730 - remove update_libffi option from client.py. r=firefox-build-system-reviewers,mhentges	2021-04-16 20:50:15 +00:00
configure.in	…
configure.py	…
gradle.properties	…
gradlew	…
gradlew.bat	…
mach	Bug 1700419 - Remove py2commands logic from mach driver.r=ahal	2021-03-26 05:26:47 +00:00
mach.ps1	Bug 1686256 - Add Windows friendly wrapper for mach r=mhentges,firefox-build-system-reviewers,dmajor	2021-01-20 02:08:40 +00:00
moz.build	Bug 1682898 Migrate Performance Best Practices for Front-end Engineers MDN page to in-tree docs r=firefox-source-docs-reviewers,bas,ahal	2021-03-30 16:02:41 +00:00
moz.configure	Bug 1704580 - Move various rust-related configure items to rust.configure. r=firefox-build-system-reviewers,mhentges	2021-04-20 00:33:58 +00:00
mozilla-config.h.in	…
old-configure.in	Bug 1377445 - Remove build dependencies on gtk+2. r=firefox-build-system-reviewers,mhentges	2021-04-20 01:57:03 +00:00
package-lock.json	Bug `1556460` - Upgrade jsdoc version to 3.6.6. r=ahal	2021-04-16 16:17:26 +00:00
package.json	Bug `1556460` - Upgrade jsdoc version to 3.6.6. r=ahal	2021-04-16 16:17:26 +00:00
settings.gradle	…
substitute-local-geckoview.gradle	…
test.mozbuild	…

README.txt

An explanation of the Firefox Source Code Directory Structure and links to
project pages with documentation can be found at:

    https://firefox-source-docs.mozilla.org/contributing/directory_structure.html

For information on how to build Firefox from the source code and create the patch see:

    https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html

If you have a question about developing Firefox, and can't find the solution
on https://firefox-source-docs.mozilla.org/, you can try asking your question on Matrix at chat.mozilla.org in `Introduction` (https://chat.mozilla.org/#/room/#introduction:mozilla.org) channel.


Nightly development builds can be downloaded from:

    https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/
            - or -
    https://www.mozilla.org/firefox/channel/desktop/#nightly

Keep in mind that nightly builds, which are used by Firefox developers for
testing, may be buggy.